| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Oct 2006 17:29:48 +0100 From: Joerg Platte <lists@...sa.net> To: linux-kernel@...r.kernel.org Subject: IPSEC and bridged interfaces Hi, currently I'm using kernel 2.6.18.1 on one of my computers. The router acts as an ipsec endpoint and masquerades all packets received via IPSEC. Today I replaced the local ethernet interface by a bridged interface by combining the ethernet interface with a tap interface. I changed the interface names in my iptables-based firewall to match the new bridge interface name and did not change anything else. Unfortunately, the kernel does not encrypt incoming packages any more. tcpdump reveals, that all received replies (I tested it with ping) are forwarded unencrypted, because they are visible on my firewall instead of being encrypted. Is this a known problem? Is bridging and IPSEC (maybe with masquerading) currently not supported? Or should I forward this issue to another mailing list? regards, Jörg - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists